This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 76a202a89db4c8da7587075da96c995b76e507ca Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Feb 25 13:52:09 2014 +0100 Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd. --- bin/x2gobroker | 30 +++++++++++++++++++++++++++++- debian/changelog | 2 ++ man/man1/x2gobroker.1 | 5 +++++ x2gobroker-daemon.service | 2 +- 4 files changed, 37 insertions(+), 2 deletions(-) diff --git a/bin/x2gobroker b/bin/x2gobroker index 5086845..a8ef7ab 100755 --- a/bin/x2gobroker +++ b/bin/x2gobroker @@ -27,6 +27,8 @@ import argparse import socket import logging import atexit +import pwd, grp + try: import daemon @@ -41,7 +43,6 @@ try: except ImportError: CAN_DAEMONIZE = False - def prep_http_mode(): global urls @@ -92,6 +93,25 @@ from x2gobroker import __VERSION__ from x2gobroker import __AUTHOR__ from x2gobroker.loggers import logger_broker, logger_access, logger_error, tornado_log_request +def drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER): + if os.getuid() != 0: + # We're not root so, like, whatever dude + return + + # Get the uid/gid from the name + running_uid = pwd.getpwnam(uid).pw_uid + running_gid = grp.getgrnam(gid).gr_gid + + # Remove group privileges + os.setgroups([]) + + # Try setting the new uid/gid + os.setgid(running_gid) + os.setuid(running_uid) + + # Ensure a very conservative umask + old_umask = os.umask(077) + interactive_mode_warning = False # check effective UID the broker runs as and complain appropriately... if x2gobroker.defaults.X2GOBROKER_USER != x2gobroker.defaults.X2GOBROKER_DAEMON_USER and os.geteuid() != 0: @@ -118,6 +138,11 @@ if __name__ == "__main__": {'args':['-P', '--pidfile'], 'default': pidfile, 'help': 'Alternative file path for the daemon\'s PID file', }, {'args':['-L', '--logdir'], 'default': daemon_logdir, 'help': 'Directory where log files for the process\'s stdout and stderr can be created', }, ]) + if os.getuid() == 0: + daemon_options.extend([ + {'args':['--drop-privileges'], 'default': False, 'action': 'store_true', 'help': 'Drop privileges to uid X2GOBROKER_DAEMON_USER and gid X2GOBROKER_DAEMON_GROUP', }, + ]) + sshbroker_options = [ {'args':['--task'], 'default': None, 'metavar': 'BROKER_TASK', 'help': 'broker task (listsessions, selectsession, setpass, testcon', }, {'args':['--user'], 'default': None, 'metavar': 'USER_NAME', 'help': 'Operate on behalf of this user name', }, @@ -140,6 +165,9 @@ if __name__ == "__main__": cmdline_args = p.parse_args() + if cmdline_args.drop_privileges: + drop_privileges() + if cmdline_args.config_file is not None: x2gobroker.defaults.X2GOBROKER_CONFIG = cmdline_args.config_file diff --git a/debian/changelog b/debian/changelog index 63dce8c..b0e6113 100644 --- a/debian/changelog +++ b/debian/changelog @@ -86,6 +86,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low - Provide symlink x2gobroker-daemon. - Provide systemd service files for x2gobroker-daemon and x2gobroker-authservice. + - Add --drop-privileges feature so that x2gobroker-daemon can drop root + privileges when started via systemd. * debian/control: + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. diff --git a/man/man1/x2gobroker.1 b/man/man1/x2gobroker.1 index 00ccc1f..5159d60 100644 --- a/man/man1/x2gobroker.1 +++ b/man/man1/x2gobroker.1 @@ -80,6 +80,11 @@ Custom PID file location when daemonizing (default: <RUNDIR>/x2gobroker/x2gobrok .TP \*(T<\fB\-L, \-\-logdir\fR\*(T> Directory where stdout/stderr will be redirected after having daemonized (default: /var/log/x2gobroker/). +.TP +\*(T<\fB\-D, \-\-drop\-privileges\fR\*(T> +If started as root, drop privileges to uid X2GO_DAEMON_USER and gid X2GO_DAEMON_GROUP (as configured +in \fI/etc/x2go/broker/defaults.conf\fR on systemd systems or \fI/etc/defaults/python-x2gobroker\fR +on SystemV systems). .SH "FILES" /etc/x2go/x2gobroker.conf, /etc/x2go/broker/* (configuration files) .PP diff --git a/x2gobroker-daemon.service b/x2gobroker-daemon.service index fa13e00..20438d6 100644 --- a/x2gobroker-daemon.service +++ b/x2gobroker-daemon.service @@ -3,7 +3,7 @@ Description=X2Go Session Broker Daemon [Service] Type=forking -ExecStart=/usr/bin/x2gobroker-daemon +ExecStart=/usr/bin/x2gobroker-daemon -D --drop-privileges PIDFile=/run/x2gobroker/x2gobroker-daemon.pid [Install] -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git